YOU SHOULD NOT USE THIS CODE ANY LONGER

ALL MODERN BROWSERS SUPPORT CORS, WHICH YOU SHOULD NOW USE AND WHICH REMOVES THE NEED FOR THIS

I HAVE LEFT THIS HERE FOR HISTORICAL REASONS

AJAST

Asynchronous Javascript and Script Tags

AJAST is a library that implements a Javascript object named JsHttpRequest which can be used in place of the standard XmlHttpRequest object for performing AJAX requests. The main advantage of AJAST is its ability to make requests to foreign hosts (cross domain), which a standard AJAX request cannot do, using a technique known as 'the script tag hack'.

AJAST leverages a technique that dynamically inserts <SCRIPT> tags into the <HEAD> of the document to force the browser to load a Javascript file from a remote server. Script loads are not restricted to the server the website was hosted from, which enables transport of data from foreign hosts when the client and server scripts are well coordinated.

Capabilities

  • Cross domain capable
  • Fully XmlHttpRequest code compatible including abort()
  • Support for both GET and POST
  • No use of global variables
  • Capable of parallel requests
  • Guaranteed callback
  • Configurable timeout
  • Full garbage collection, no leaking of <SCRIPT> tags or global variables
  • Support for all modern browsers IE/FireFox/Chrome/Opera/Konqueror/Safari

POST Method

An additional consideration is that the <SCRIPT> tag insertion method does not support any HTTP method except GET. The AJAST library provides a simulated POST method by sending the payload as an encoded GET parameter (across multiple requests as necessary). There are several implementations available for reference here that demonstrate various levels of support for POST.

Server Side Requirements

Because the results must come in the form of Javascript code due to the use of a <SCRIPT> tag for transport, there must be an agreed upon transport mechanism. This means the server side resources receiving the AJAST requests must meet certain requirements. Sample server side scripts are provided with the library as a starting point:

  • ajast_full.php - A PHP implementation with full support for both the GET and POST methods, using PHP sessions as temporary storage for large POST requests
  • ajast_minpost.php - A PHP implementation with full support for GET, but supporting only POST requests which can fit into a single request; this approach supports POST without using any state between requests
  • ajast_onlyget.php - A PHP implementation with full support for GET and no POST, demonstrating the most basic request
  • ajast_full.pl - A complex perl implementation supporting full GET and POST using FastCGI and memcached as temporary storage for large POST requests.

Try the Live Demo to see these server side reference scripts in action.

I would welcome other reference scripts especially in ASP or .NET but I do not have an IIS web server to test and host the running reference scripts on. If someone provides them I will gladly link them in here.

Security Considerations

There are major security considerations with this approach. You are ultimately receiving data from a remote host which you may not have control over. Your site becomes much more vulnerable to cross site scripting attacks and other more heinous issues such as DNS poisoning of the remote host. These reasons are why standard AJAX is limited to the host which the page was loaded from.

However, people have been circumventing these limitations with other techniques such as proxies and even prior, less formalized implementations of the AJAST approach. This library intends only to formalize and make ready an easier approach for bridging this information gap, which is necessary for many advanced web applications. Use this library with caution; if you are not sure of your own security considerations, consult a qualified professional who is.

For the purists who are sure to attack this technique as pure evil, please be aware that cross domain data access is happening all over the web today. Designers are just subverting the Ajax boundaries using other methods and even W3.org themselves recognize the futility of blocking cross domain data access, see http://dev.w3.org/2006/waf/access-control/. The reality is, the need to access data cross domain is a reality and people are doing it already with complex infrastructure. This library just intends to bridge the gap between today and tomorrow when browsers relax security around AJAX without complicated solutions.
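The difference between receiving a response as a script and receiving it as data, shown as an added example that is not part of the AJAST library: `loadAsScript` models a <SCRIPT> response with `new Function`, and `loadAsData` models a CORS response parsed with `JSON.parse`. The `page` object, the `t1` slot and the sample responses are constructed for illustration.

```javascript
// Added illustration. Only AJAST.INCOMING comes from the page; `page`, the
// `t1` slot and the sample responses are constructed for this example.

// Models a <SCRIPT> response: the body runs as code with the page's objects in reach.
function loadAsScript(body, page) {
  new Function('AJAST', 'page', body)(page.AJAST, page);
  return page.AJAST.INCOMING.t1;
}

// Models a CORS response: the body is parsed as JSON and only the expected,
// correctly typed fields are copied out. Nothing in the body can execute.
function loadAsData(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return { ok: false, reason: 'not JSON' };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, reason: 'not an object' };
  }
  if (!Number.isInteger(parsed.status) || typeof parsed.responseText !== 'string') {
    return { ok: false, reason: 'unexpected shape' };
  }
  return { ok: true, status: parsed.status, responseText: parsed.responseText };
}

function newPage() {
  return { AJAST: { INCOMING: { t1: {} } }, settings: { theme: 'light' } };
}

const honestScript = "AJAST.INCOMING.t1.status = 200; AJAST.INCOMING.t1.responseText = 'hi';";
// Same visible result, plus one statement the caller never asked for.
const alteredScript = honestScript + " page.settings.theme = 'changed';";
const honestJson = '{"status":200,"responseText":"hi"}';

function demo() {
  const p1 = newPage();
  const p2 = newPage();
  return {
    honestStatus: loadAsScript(honestScript, p1).status,
    alteredStatus: loadAsScript(alteredScript, p2).status,
    pageChanged: p2.settings.theme !== 'light',
    jsonResult: loadAsData(honestJson),
    scriptAsJson: loadAsData(alteredScript),
  };
}

console.log(demo());
```

Both script responses report status 200 to the caller, so the extra statement is invisible at the request level; the data path rejects the same body outright.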

Script Tag Technique

The basic script tag technique leverages the fact that browsers are allowed to load Javascript from remote hosts and the browser's ability to insert script tags into the DOM dynamically using Javascript. When a request is initiated, a script tag is created and appended to the <HEAD> of the document, pointing to the resource that will provide the data. That resource responds with a custom Javascript file that has the return values loaded into crafty pre-determined variable names. The library detects when this 'new' Javascript document is loaded and harvests the results from these pre-determined variable names.

Browser requests for Javascript are always made with the GET method, never POST, and thus this approach does not typically allow posting data to the server. This library gets around this limitation by simulating the POST over a GET, appending the post data as a URL query parameter. This has obvious length limitations, which are in turn overcome by more advanced server side support. The example server side scripts provide reference implementations for all the various modes of POST support (or the lack thereof).
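A sketch of how a payload can be carried over several GET requests and put back together on the server, added here as an example and not taken from ajast.js or the reference scripts. The field names `offset`, `data` and `next`, the two size limits and the status values returned are assumptions, not AJAST's actual wire format.

```javascript
// Added illustration, not AJAST's wire format: `offset`, `data`, `next` and both
// limits are hypothetical.
const MAX_CHUNK = 64;   // assumed budget for encoded data per GET request
const MAX_TOTAL = 4096; // assumed server-side cap on one simulated POST

// Client side: encode once, then cut into pieces that never split a %XX escape.
function splitEncoded(payload, maxChunk = MAX_CHUNK) {
  if (maxChunk < 3) throw new RangeError('maxChunk must hold one %XX escape');
  const enc = encodeURIComponent(payload);
  const chunks = [];
  let pos = 0;
  do {
    let end = Math.min(pos + maxChunk, enc.length);
    if (end < enc.length) {
      if (enc[end - 1] === '%') end -= 1;
      else if (enc[end - 2] === '%') end -= 2;
    }
    chunks.push({ offset: pos, data: enc.slice(pos, end) });
    pos = end;
  } while (pos < enc.length);
  return chunks;
}

// Server side: keeps state between requests (the reference scripts use PHP
// sessions or memcached for this) and decodes only once the last piece is in.
function makeReassembler(maxTotal = MAX_TOTAL) {
  let buf = '';
  return function accept(chunk, isLast) {
    if (chunk.offset !== buf.length) return { status: 400, reason: 'unexpected offset' };
    if (buf.length + chunk.data.length > maxTotal) return { status: 413, reason: 'too large' };
    buf += chunk.data;
    if (!isLast) return { status: 100, next: buf.length };
    try {
      return { status: 200, body: decodeURIComponent(buf) };
    } catch (e) {
      return { status: 400, reason: 'bad encoding' };
    }
  };
}

function roundTrip(payload, maxChunk) {
  const chunks = splitEncoded(payload, maxChunk);
  const accept = makeReassembler();
  let result;
  chunks.forEach((c, i) => { result = accept(c, i === chunks.length - 1); });
  return { requests: chunks.length, result };
}

console.log(roundTrip('name=Zoë&note=' + '€'.repeat(10), 16));
```

The offset check and the total-size cap matter because the accumulated state lives on the server across requests and every piece arrives in a URL the client controls.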

Example Usage

The AJAST library creates a code compatible version of the browser's built-in XmlHttpRequest object, and therefore the best documentation is existing XmlHttpRequest object documentation together with the required server side scripting protocol. The application code that uses the library and consumes the results may not need any special considerations at all if it already works with the existing XmlHttpRequest object. The server side script will have to be created in the model of the references for compatibility. The Wikipedia Article on XmlHttpRequest object is an excellent starting point.

Here is an example usage:

<html>
  <head>
    <script type="text/javascript" src="http://ajast.org/ajast/ajast.js"></script>
    <script type="text/javascript" src="http://www.json.org/json2.js"></script>
    <script id="TestScript" Language="javascript">
      function test()
      {
        var xmlhttp = new AJAST.JsHttpRequest();
        xmlhttp.onreadystatechange = function()
        {
          if (xmlhttp.readyState==4) // 4 = "loaded"
          {
            if (xmlhttp.status == 200)
              alert('Success: ' + xmlhttp.status + ' -> ' + xmlhttp.statusText);
            else
              alert('ERROR: ' + xmlhttp.status + ' -> ' + xmlhttp.statusText);
          }
        }
        xmlhttp.open("GET", 'http://riffelspot.com/ajast/ajast_full.php');
        xmlhttp.send();
      }
    </script>
  </head>
  <body onload="test();">Please wait...</body>
</html>

Place this code in a local HTML file on your desktop and open it with your favorite browser. It will fetch results from riffelspot.com which is not normally allowed.

The best documentation is probably the Live Demo and viewing the sources directly.

Extra Features

The AJAST library has a few extra features not available on the traditional XmlHttpRequest object.

Request Timeout

Technically, you cannot turn off the request timeout or else you will break Webkit browser support. Every request has a timeout running on it and you can configure the timeout for all requests, or just each individual request as follows:

// Set the global request timeout for all requests to 30 seconds
AJAST.maxInterval = 30000;
 
// Set a specific request to 5 seconds
xmlhttp.maxInterval = 5000;

Sending Javascript Objects

The traditional send method only accepts a string of post data, but the AJAST send method will accept a Javascript object and convert it to a JSON string for transmission IF YOU HAVE INCLUDED json2.js; otherwise it will throw an error. You can get json2.js from http://www.json.org.

Extra Properties

You can pass extra properties back from your server script and they will be applied to your AJAST JsHttpRequest object as public properties which you can use when the request is completed. For example, in the server scripts you will see the return values set as follows:

echo "AJAST.INCOMING.t" . $seq . ".status = 200;";

You can add the following for example:

echo "AJAST.INCOMING.t" . $seq . ".responseJSON = { this: 'that' };";

and then after your request is completed successfully you can:

alert(xmlhttp.responseJSON.this);

You can add any number of properties. I suggest checking that they exist before using them blindly in case of errors.

License

The reference server side scripts and demo web page are released into the public domain.

The AJAST library (ajast.js and ajast-min.js) is released under the BSD license:

AJAST- Asynchronous Javascript and Script Tags v1.0

Copyright (c) 2009, Jason Riffel
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.
    * Neither the name of the <organization> nor the
      names of its contributors may be used to endorse or promote products
      derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY Jason Riffel ''AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL <copyright holder> BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Common Problems

Caching

Probably the most common problem with AJAX in general and AJAST is the lack of cache controls applied to the resource. I've read many articles that tell you to mangle the request URL with Math.random(), but this is a total hack. The reality is your scripts on the server MUST disable caching of the document before sending content to the browser. See the server reference scripts for an example. If you fail to set these headers you will certainly have issues, and they will continue even after you correct the headers because of the results already cached in the browser. You will need to fully purge all cached data from your browser once the headers are set correctly.

Caching and Script Errors

A very common problem when authoring server side scripts for AJAX and AJAST is a run time error that happens before the headers that disable caching are sent. In this case the browser WILL cache the results even though your code disables caching. If you continue to see failures or strange behavior, purge all cached data from your browser after fixing the script.

Caching

Didn't I already mention this? In general this should be the first line of attack on bizarre problems: clear your cache, clear your cache, and then clear your cache again. Make sure your server side scripts are disabling caching; I cannot emphasize this enough. If in doubt, use a tool like Wireshark, Fiddler2, or WebScarab to analyze your web traffic and validate your headers and requests.

Partial Posts and 100 Continue

The statusText string returned on a partial post continue MUST be phrased exactly as shown in the reference scripts. The AJAST library parses this string for the offset and key for resuming the post. It is a deceptively human-like string, for my personal benefit. Do not change the format.

Other Implementations

There are other implementations available for this technique on the web, one in particular which appears to be the first ever created can be found at:

http://ox.no/posts/ajast-cross-domain-rest-calls-using-json-injection

ajast/main.txt · Last modified: 2013/12/04 23:56 by riff